YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

A bipartisan group of Washington lawmakers solicited details from Pentagon officials that they could use to "damage" former NSA contractor Edward Snowden's "credibility in the press and the court of public opinion."

That's according to declassified government documents obtained exclusively by VICE News in response to a long-running Freedom of Information Act (FOIA) lawsuit. The lawmakers' requests for information were made in December 2013 and again in February 2014, following classified briefings top officials at the Defense Intelligence Agency (DIA) held for oversight committees in the House and Senate about a DIA assessment of the alleged damage to national security caused by Snowden's leak of top-secret documents to journalists Glenn Greenwald, Barton Gellman, and Laura Poitras.

The documents, which originated in the DIA's Office of Corporate Communications, contain the most detailed information to date about the DIA's yearlong discussions with Congress about Snowden's leaks and the costs of the Pentagon's efforts to allay the damage. But the 35 pages of documents do not contain any concrete examples of damage to national security because DIA redacted those details.

However, the documents contain a startling claim revealed here for the first time: Snowden took "over 900,000" Department of Defense (DoD) files — more documents than he downloaded from the NSA about the agency's surveillance programs, according to an undated two-page DIA report that was prepared for the head of a task force that assessed the damage caused by Snowden's leaks in advance of the official briefing [of] the Senate Intelligence Committee. The report references a chart that provides a "breakdown" of the "data sets" Snowden took and the "locations from where they were copied." However, the DIA withheld the information on national security grounds.

Yet in a separate February 6, 2014 summary of a congressional briefing DIA officials held for House Appropriations Subcommittee on Defense staffers, DIA officials were not as explicit about how much information Snowden took from the DoD. The summary, which included a "short overview of the timeline of the disclosures by Edward Snowden," said committee staffers "appeared surprised and concerned at the extent of the Department of Defense information that was potentially compromised by Edward Snowden."

"Many of the [staffers] were interested in Edward Snowden's background, motivations and tactics. Those questions were deferred to [redacted] for future briefings," the congressional summary says. The House Appropriations Subcommittee on Defense was regularly briefed by DIA because it was funding the agency's work to mitigate the damage from the Snowden leaks.

The document goes on to say that committee staffers were told Snowden downloaded military files that "could negatively impact future military operations." But DIA did not disclose details about exactly how that would happen.

David Leatherwood, the DIA's director of operations, explained in a May 21 declaration filed in US District Court in Washington, DC what some of the military intelligence information DIA discussed with Congress relates to and why the agency believes the information must remain classified.

In a paragraph on page three of the documents DIA turned over to VICE News, Leatherwood said "DIA describes the classified discussions [with Congress] concerning the impact of the Snowden disclosures on military plans and operations. The paragraph refers to the assessment of the scope of that impact, and thus warrants classification. Disclosure of the information would degrade the military capabilities of the United States ... "

Additionally, Leatherwood said one paragraph on page twelve of the documents was redacted because it refers to "a nuclear program or facility." Another paragraph on the same page "relates to vulnerabilities or capabilities of systems, installations, infrastructure, projects, plans or protective services related to national security."

Some information within the remaining pages of the congressional briefing documents was withheld because it pertains to "strength and deployment of forces, troop movements, ship sailings, the location and timing of planned attacks, tactics and strategy, operations of weapons systems and supply logistics" and, within two pages, "scientific or technological capabilities related to national security."

"I have determined that the disclosure of this information could reasonably be expected to enable persons and groups hostile to the United States to identify U.S. intelligence activities, methods or sources, and to design countermeasures to defeat them," Leatherwood said.

In a statement last year, Snowden denied DoD and intelligence officials' claims he deliberately downloaded military files. "They rely on a baseless premise, which is that I was after military information," Snowden said.

VICE News has not been able to identify any Snowden-related stories published over the past two years that were based on files the DIA said Snowden downloaded from DoD.

Related: These Are the Financial Disclosure Forms the NSA Said Would Threaten National Security

* * *

After the DIA completed a damage assessment report on December 18, 2013, about how Snowden apparently compromised US counterterrorism operations and threatened national security, leaks from the classified report immediately started to surface in the media. They were sourced to members of Congress and unnamed officials who cast Snowden as a "traitor."

On December 18, the Washington Post's Walter Pincus published a column, citing anonymous sources, that contained details from the Snowden damage assessment. Three days earlier, 60 Minutes had broadcast a report that was widely condemned as overly sympathetic to the NSA. Foreign Policy and Bloomberg published news stories on January 9, 2014, three days after the damage assessment report was turned over to six congressional oversight committees. Both of those reports quoted a statement from Republican congressional leaders who cited the DIA's classified damage assessment report and asserted that Snowden's leaks endangered the lives of US military personnel.

As the weeks passed, according to the DIA documents, more members of Congress were eager to publicly discredit Snowden.

"Members from both sides (Reps. Richard Nugent, Austin Scott, Henry "Hank" Johnson, Jr. and Susan Davis) repeatedly pressed the [DIA] briefers for information from the [Snowden damage] report to be made releasable to the public," states a February 6, 2014 DIA summary prepared for then-DIA director Lieutenant General Michael Flynn and deputy director David Shedd about a briefing on the Snowden leaks for members of the House Armed Services Subcommittee on Emerging Threats and Capabilities.

"[Redacted] explained the restrictions were to [redacted] but the members appeared unmoved by this argument. Overall, HASC [House Armed Services Committee] members were both appreciative of the report and expressed repeatedly that this information needed to be shared with the American public."

The DIA documents obtained by VICE News were released exactly two years after the Guardian published its first report from the cache of documents leaked by Snowden, and during the same week that some of the same lawmakers who sought to discredit Snowden passed a bill that ended the NSA's bulk collection of domestic phone records and Internet metadata — the very program revealed in the first Guardian report. The legislative change is the first time since 9/11 that both houses of Congress have agreed to place a limit on the government's surveillance powers.

* * *

The DIA documents also resolve the thorny question about the genesis of the claim that Snowden downloaded 1.7 million files. For more than a year, the allegation has been cited as fact in numerous news reports but never directly attributed to a named government official.

In a report published on the Intercept in May 2014, Greenwald excoriated journalists for "repeatedly affirming the inflammatory evidence-free claim that Snowden took 1.7 million documents," a number which he said "always has been pure fabrication."

Now, the DIA documents make clear that the accusation came from a list of unclassified Defense Department talking points sent to Congress on January 8, 2014, a day before Foreign Policy and Bloomberg published their reports that contained the same DIA talking points.

"A former NSA contractor downloaded nearly 1.7 million files from Intelligence Community (IC) systems. This is the single greatest quantitative potential compromise of secrets in US history," states the first of five Defense Department talking points.

The other talking points, which do not offer insight into the specific damage Snowden is said to have caused, say:

Much of the information compromised [by Snowden] has the potential to gravely impact the National Security of the United States, to include the Department of Defense [DoD] and its capabilities.

While most of the reporting to date in the press has centered on NSA's acquisition of foreign intelligence to protect the lives of our citizens and allies, the files cover sensitive topics well beyond the NSA collection. Disclosure of this information in the press and to adversaries has the potential to put Defense personnel in harm's way and jeopardize the success of DoD operations.

These unauthorized disclosures have tipped off our adversaries to intelligence sources and methods and negatively impacted our Allies who partner with us to fight terrorism, cyber crimes, human and narcotics trafficking, and the proliferation of weapons of mass destruction. Such international cooperation involving the pooling of information, technology, and expertise is critical to preserve our security and that of our allies.

Snowden is identified by name on some pages of the documents and as a "Person of Interest" or "POI" on other pages due to the government's criminal case against him. During one classified briefing the damage assessment task force officials held for members of the House Intelligence Committee on Intelligence, lawmakers asked why Snowden, "who claims publicly to be seeking to reform NSA… acquired so many DoD files unrelated to NSA activities."

"[Redacted] explained that [Snowden] appeared to have acquired all files he could reach" was the answer. House Intelligence Committee chairman Mike Rogers and Congressman Adam Schiff "raised the issue that most documents were DoD related — which [redacted] confirmed — and both the congressmen stated they believed this simple fact was both unclassified… and was important for changing the narrative" about Snowden, states an undated summary of the House Intelligence Committee briefing the DIA prepared for Flynn and Shedd.

The summary went on to say that much of the briefing was spent on "Q&A with topics including the cost of mitigation, the risk to soldiers on the ground, defense vulnerabilities as a result of the compromise, and the scope of data secured by the Person of Interest."

The DIA summary noted that then-House Armed Services Committee chairman Buck McKeon and then-chairman of the Intelligence, Emerging Threats, and Capabilities subcommittee, Representative Mac Thornberry, held a press conference after the DIA briefing in which they referred to Snowden as a "traitor" and "not a whistleblower."

* * *

The DIA documents contain new revelations about the make-up of the so-called Information Review Task Force (IRTF) charged with assessing the damage from the Snowden leaks that specifically pertain to military files he downloaded. (Earlier this year, the DIA turned over to VICE News 151 pages of its Snowden damage assessments that were completely redacted.)

According to the documents, "on any given day," between 200 and 250 people from DoD "triage, analyze, and assess DoD impacts related to the Snowden compromise." Summaries of the briefings the DIA held for Congress also reference a previously unknown entity: the Joint Staff Mitigation Oversight Task Force (MOTF), which was entrusted with, among other things, assessing the financial costs of "mitigation efforts" resulting from the Snowden leaks in quarterly reports. The NSA has its own Snowden task force that also assessed the alleged damage to national security his leaks about the agency's surveillance programs caused.

At a House Armed Services Committee hearing last year, Army General Martin Dempsey, the chairman of the Joint Chiefs of Staff, said the mitigation task force "will need to function for about two years ... and I suspect it could cost billions of dollars to overcome the loss of security that has been imposed on us."

Related: Official Reports on the Damage Caused by Edward Snowden's Leaks Are Totally Redacted

The Department of Defense said it first learned that Snowden took documents containing Department of Defense information on July 10, 2013, about a month after Snowden disclosed that he was the source of the leaks about the NSA's controversial surveillance programs.

In response, Flynn, the DIA director, "directed the standup of a DoD Task Force to tackle the compromise," states the two-page DIA task force report that was prepared for an official gearing up to brief the Senate Intelligence Committee on the task force's work. "Rather than start from scratch, key members of the task force that assessed the WikiLeaks compromise in 2010 were again brought together to form the nucleus of the 'Information Review Task Force-2. Led by DIA, and working in coordination with the Office of the National Counterintelligence Executive and our Intelligence Community partners, the IRTF-2 includes representations from the military services, the combatant commands, and Joint Chiefs of Staff.'"

VICE founder Shane Smith interviews Secretary of Defense Ash Carter.

The WikiLeaks reference pertains to leaks of hundreds of thousands of government documents to the transparency organization by Chelsea Manning, who was convicted on espionage charges in 2013 and sentenced to 35 years in prison.

Although the DIA released a copy of its second damage assessment report to me last year — albeit a redacted version that did not contain any specific details to support the conclusion that Snowden caused "grave damage" to national security — members of the House Intelligence Committee said the report was "excellent and timely."

The documents reveal that the DIA also completed an even earlier version of a damage assessment report, which congressional staffers said was "one of the most well-read documents by Members in recent years." It's unknown when that task force report was released. Neither the DIA nor spokespeople for lawmakers who were briefed about the Snowden damage reports would comment for this story.

* * *

The DIA's briefings for Congress continued through last September, according to the documents, which reveal that House and Senate Armed Services Committee members were frustrated that the DIA did not share another damage assessment report with the committee that the DIA completed months earlier.

At one briefing that month, Thornberry said "this was a briefing he did not want to miss as it has been a long time since he received an update on what information was compromised and the impact to US national security."

"He also mentioned that it was hard to think of something that has happened in the world that is more deserving of a response and that can affect future funding" of the DIA, according to the DIA's congressional briefing summary.

But another DIA congressional briefing summary, dated September 9, 2014 and sent to DIA deputy director David Shedd, said DIA officials were also "warned" by committee staffers that lawmakers "would be frustrated" if the so-called Joint Staff Mitigation Oversight Task Force "could not show progress and provide specific examples of steps taken to mitigate damage done to capabilities, plans, and partnerships by the [Snowden] breach."

The Senate staffer "recommended focusing less on process and more on mitigation efforts and anticipated costs" of reining in the damage, says the document, which summarized a briefing the DIA and Mitigation task force members held for House and Senate Armed Services Committee staffers.

Ultimately, the lawmakers' efforts to use the information provided to Congress by DIA briefers to discredit Snowden didn't work, according to Snowden's attorney, Ben Wizner of the ACLU.

"Once again, we see that the intelligence community leaked classified information [last year] in order to excoriate Edward Snowden for leaking classified information," Wizner told VICE News. "The difference is that Snowden provided information [to] journalists to inform the public about the government's actions, and the government leaked information in order to misinform the public about his."

This story has been updated to reflect comments made in a sworn declaration by the DIA's David Leatherwood about the reason the agency withheld certain information in the congressional briefing documents.

The Sunday Times’ Snowden Story is Journalism at its Worst — and Filled with Falsehoodsby Glenn GreenwaldJune 14 2015(updated below)

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

Western journalists claim that the big lesson they learned from their key role in selling the Iraq War to the public is that it’s hideous, corrupt and often dangerous journalism to give anonymity to government officials to let them propagandize the public, then uncritically accept those anonymously voiced claims as Truth. But they’ve learned no such lesson. That tactic continues to be the staple of how major U.S. and British media outlets “report,” especially in the national security area. And journalists who read such reports continue to treat self-serving decrees by unnamed, unseen officials — laundered through their media — as gospel, no matter how dubious are the claims or factually false is the reporting.

We now have one of the purest examples of this dynamic. Last night, the Murdoch-owned Sunday Times published their lead front-page Sunday article, headlined “British Spies Betrayed to Russians and Chinese.” Just as the conventional media narrative was shifting to pro-Snowden sentiment in the wake of a key court ruling and a new surveillance law, the article (behind a paywall: full text here) claims in the first paragraph that these two adversaries “have cracked the top-secret cache of files stolen by the fugitive U.S. whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services.” It continues:

Western intelligence agencies say they have been forced into the rescue operations after Moscow gained access to more than 1m classified files held by the former American security contractor, who fled to seek protection from Vladimir Putin, the Russian president, after mounting one of the largest leaks in U.S. history.

Senior government sources confirmed that China had also cracked the encrypted documents, which contain details of secret intelligence techniques and information that could allow British and American spies to be identified.

One senior Home Office official accused Snowden of having “blood on his hands,” although Downing Street said there was “no evidence of anyone being harmed.”

Aside from the serious retraction-worthy fabrications on which this article depends — more on those in a minute — the entire report is a self-negating joke. It reads like a parody I might quickly whip up in order to illustrate the core sickness of Western journalism.

Unless he cooked an extra-juicy steak, how does Snowden “have blood on his hands” if there is “no evidence of anyone being harmed?” As one observer put it last night in describing the government instructions these Sunday Times journalists appear to have obeyed: “There’s no evidence anyone’s been harmed but we’d like the phrase ‘blood on his hands’ somewhere in the piece.”

The whole article does literally nothing other than quote anonymous British officials. It gives voice to banal but inflammatory accusations that are made about every whistleblower from Daniel Ellsberg to Chelsea Manning. It offers zero evidence or confirmation for any of its claims. The “journalists” who wrote it neither questioned any of the official assertions nor even quoted anyone who denies them. It’s pure stenography of the worst kind: some government officials whispered these inflammatory claims in our ears and told us to print them, but not reveal who they are, and we’re obeying. Breaking!

Stephen Colbert captured this exact pathology with untoppable precision in his 2006 White House Correspondents speech, when he mocked American journalism to the faces of those who practice it:

But, listen, let’s review the rules. Here’s how it works.The President makes decisions. He’s the decider. The press secretary announces those decisions, and you people of the press type those decisions down. Make, announce, type. Just put ’em through a spell check and go home. Get to know your family again. Make love to your wife. Write that novel you got kicking around in your head. You know, the one about the intrepid Washington reporter with the courage to stand up to the administration? You know, fiction!

The Sunday Times article is even worse because it protects the officials they’re serving with anonymity. The beauty of this tactic is that the accusations can’t be challenged. The official accusers are being hidden by the journalists so nobody can confront them or hold them accountable when it turns out to be false. The evidence can’t be analyzed or dissected because there literally is none: they just make the accusation and, because they’re state officials, their media servants will publish it with no evidence needed. And as is always true, there is no way to prove the negative. It’s like being smeared by a ghost with a substance that you can’t touch.

This is the very opposite of journalism. Ponder how dumb someone has to be at this point to read an anonymous government accusation, made with zero evidence, and accept it as true.

But it works. Other news agencies mindlessly repeated the Sunday Times claims far and wide. I watched last night as American and British journalists of all kinds reacted to the report on Twitter: by questioning none of it. They did the opposite: they immediately assumed it to be true, then spent hours engaged in somber, self-serious discussions with one another over what the geopolitical implications are, how the breach happened, what it means for Snowden, etc. This is the formula that shapes their brains: anonymous self-serving government assertions = Truth.

By definition, authoritarians reflexively believe official claims — no matter how dubious or obviously self-serving, even when made while hiding behind anonymity — because that’s how their submission functions. Journalists who practice this sort of primitive reporting — I uncritically print what government officials tell me, and give them anonymity so they have no accountability for any of it — do so out of a similar authoritarianism, or uber-nationalism, or laziness, or careerism. Whatever the motives, the results are the same: government officials know they can propagandize the public at any time because subservient journalists will give them anonymity to do so and will uncritically disseminate and accept their claims.

They've been told that we're commies trying to bring down the government. And some of them are being recruited. Creatures are trading wealth, power.

[Frank] You mean people are joining up with them?

[Gilbert] Most of us just sell out right away. Then all of a sudden we get promoted. Our bank accounts get bigger. We start buying new houses, cars. Perfect, isn't it?

At this point, it’s hard to avoid the conclusion that journalists want it this way. It’s impossible that they don’t know better. The exact kinds of accusations laundered in the Sunday Times today are made — and then disproven — in every case where someone leaks unflattering information about government officials.

In the early 1970s, Nixon officials such as John Ehrlichman and Henry Kissinger planted accusations in the U.S. media that Daniel Ellsberg had secretly given the Pentagon Papers and other key documents to the Soviet Union; everyone now knows this was a lie, but at the time, American journalists repeated it constantly, helping to smear Ellsberg. That’s why Ellsberg has constantly defended Snowden and Chelsea Manning from the start: because the same tactics were used to smear him.

The same thing happened with Chelsea Manning. When WikiLeaks first began publishing the Afghan War logs, U.S. officials screamed that they — all together now — had “blood on their hands.” But when some journalists decided to scrutinize rather than mindlessly repeat the official accusation (i.e. some decided to do journalism), they found it was a fabrication.

Writing under the headline “US officials privately say WikiLeaks damage limited,” Reuters’ Mark Hosenball reported that “internal U.S. government reviews have determined that a mass leak of diplomatic cables caused only limited damage to U.S. interests abroad, despite the Obama administration’s public statements to the contrary.”

An AP report was headlined “AP review finds no WikiLeaks sources threatened,” and explained that “an Associated Press review of those sources raises doubts about the scope of the danger posed by WikiLeaks’ disclosures and the Obama administration’s angry claims, going back more than a year, that the revelations are life-threatening.” Months earlier, McClatchy’s Nancy Youssef wrote an article headlined “Officials may be overstating the dangers from WikiLeaks,” and she noted that “despite similar warnings ahead of the previous two massive releases of classified U.S. intelligence reports by the website, U.S. officials concede that they have no evidence to date that the documents led to anyone’s death.”

Now we have exactly the same thing here. There’s an anonymously made claim that Russia and China “cracked the top-secret cache of files” from Snowden’s, but there is literally zero evidence for that claim. These hidden officials also claim that American and British agents were unmasked and had to be rescued, but not a single one is identified. There is speculation that Russia and China learned things from obtaining the Snowden files, but how could these officials possibly know that, particularly since other government officials are constantly accusing both countries of successfully hacking sensitive government databases?

What kind of person would read evidence-free accusations of this sort from anonymous government officials — designed to smear a whistleblower they hate — and believe them? That’s a particularly compelling question given that Vice’s Jason Leopold just last week obtained and published previously secret documents revealing a coordinated smear campaign in Washington to malign Snowden. Describing those documents, he reported: “A bipartisan group of Washington lawmakers solicited details from Pentagon officials that they could use to ‘damage’ former NSA contractor Edward Snowden’s ‘credibility in the press and the court of public opinion.’”

Manifestly then, the “journalism” in this Sunday Times article is as shoddy and unreliable as it gets. Worse, its key accusations depend on retraction-level lies.

The government accusers behind this story have a big obstacle to overcome: namely, Snowden has said unequivocally that when he left Hong Kong, he took no files with him, having given them to the journalists with whom he worked, and then destroying his copy precisely so that it wouldn’t be vulnerable as he traveled. How, then, could Russia have obtained Snowden’s files as the story claims — “his documents were encrypted but they weren’t completely secure ” — if he did not even have physical possession of them?

The only way this smear works is if they claim Snowden lied, and that he did in fact have files with him after he left Hong Kong. The Sunday Times journalists thus include a paragraph that is designed to prove Snowden lied about this, that he did possess these files while living in Moscow:

It is not clear whether Russia and China stole Snowden’s data, or whether he voluntarily handed over his secret documents in order to remain at liberty in Hong Kong and Moscow.

David Miranda, the boyfriend of the Guardian journalist Glenn Greenwald, was seized at Heathrow in 2013 in possession of 58,000 “highly classified” intelligence documents after visiting Snowden in Moscow.

What’s the problem with that Sunday Times passage? It’s an utter lie. David did not visit Snowden in Moscow before being detained. As of the time he was detained in Heathrow, David had never been to Moscow and had never met Snowden. The only city David visited on that trip before being detained was Berlin, where he stayed in the apartment of Laura Poitras.

The Sunday Times “journalists” printed an outright fabrication in order to support their key point: that Snowden had files with him in Moscow. This is the only “fact” included in their story that suggests Snowden had files with him when he left Hong Kong, and it’s completely, demonstrably false (and just by the way: it’s 2015, not 1971, so referring to gay men in a 10-year spousal relationship with the belittling term “boyfriends” is just gross).

Then there’s the Sunday Times claim that “Snowden, a former contractor at the CIA and National Security Agency (NSA), downloaded 1.7m secret documents from western intelligence agencies in 2013.” Even the NSA admits this claim is a lie. The NSA has repeatedly said that it has no idea how many documents Snowden downloaded and has no way to find out. As the NSA itself admits, the 1.7 million number is not the number the NSA claims Snowden downloaded — they admit they don’t and can’t know that number — but merely the amount of documents he interacted with in his years of working at NSA. Here’s then-NSA chief Keith Alexander explaining exactly that in a 2014 interview with the Australian Financial Review:

AFR: Can you now quantify the number of documents [Snowden] stole?

Gen. Alexander: Well, I don’t think anybody really knows what he actually took with him, because the way he did it, we don’t have an accurate way of counting. What we do have an accurate way of counting is what he touched, what he may have downloaded, and that was more than a million documents.

Let’s repeat that: “I don’t think anybody really knows what he actually took with him, because the way he did it, we don’t have an accurate way of counting.” Yet someone whispered to the Sunday Times reporters that Snowden downloaded 1.7 million documents, so like the liars and propagandists that they are, they mindlessly printed it as fact. That’s what this whole article is.

Then there’s the claim that the Russian and Chinese governments learned the names of covert agents by cracking the Snowden file, “forcing MI6 to pull agents out of live operations in hostile countries.” This appears quite clearly to be a fabrication by the Sunday Times for purposes of sensationalism, because if you read the actual anonymous quotes they include, not even the anonymous officials claim that Russia and China hacked the entire archive, instead offering only vague assertions that Russia and China “have information.”

Beyond that, how could these hidden British officials possibly know that China and Russia learned things from the Snowden files as opposed to all the other hacking and spying those countries do? Moreover, as pointed out last night by my colleague Ryan Gallagher — who has worked for well over a year with the full Snowden archive — “I’ve reviewed the Snowden documents and I’ve never seen anything in there naming active MI6 agents.” He also said: “I’ve seen nothing in the region of 1m documents in the Snowden archive, so I don’t know where that number has come from.”

Finally, none of what’s in the Sunday Times is remotely new. U.S. and U.K. government officials and their favorite journalists have tried for two years to smear Snowden with these same claims. In June 2013, the New York Times gave anonymity to “two Western intelligence experts, who worked for major government spy agencies” who “said they believed that the Chinese government had managed to drain the contents of the four laptops that Mr. Snowden said he brought to Hong Kong.” The NYT’s Public Editor chided the paper for printing that garbage, and as I reported in my book, then-editor-in-chief Jill Abramson told The Guardian’s Janine Gibson that they should not have printed that, calling it “irresponsible.” (And that’s to say nothing of the woefully ignorant notion that Snowden — or anyone else these days — stores massive amounts of data on “four laptops” as opposed to tiny thumb drives).

The GOP’s right-wing extremist Congressman Mike Rogers constantly did the same thing. He once announced with no evidence that “Snowden is working with Russia” — a claim even former CIA Deputy Director Michael Morell denies — and also argued that Snowden should “be charged with murder” for causing unknown deaths. My personal favorite example of this genre of reckless, desperate smears is the op-ed that the Wall Street Journal published in May 2014, by neocon Edward Jay Epstein, which had this still-hilarious paragraph:

A former member of President Obama’s cabinet went even further, suggesting to me off the record in March this year that there are only three possible explanations for the Snowden heist: 1) It was a Russian espionage operation; 2) It was a Chinese espionage operation, or 3) It was a joint Sino-Russian operation.

It must be one of those, an anonymous official told me! It must be! Either Russia did it. Or China did it. Or they did it together! That is American journalism.

The Sunday Times today merely recycled the same evidence-free smears that have been used by government officials for years — not only against Snowden, but all whistleblowers — and added a dose of sensationalism and then baked it with demonstrable lies. That’s just how Western journalism works, and it’s the opposite of surprising. But what is surprising, and grotesque, is how many people (including other journalists) continue to be so plagued by some combination of stupidity and gullibility, so that no matter how many times this trick is revealed, they keep falling for it. If some anonymous government officials said it, and journalists repeat it while hiding who they are, I guess it must be true.

UPDATE: The Sunday Times has now quietly deleted one of the central, glaring lies in its story: that David Miranda had just met with Snowden in Moscow when he was detained at Heathrow carrying classified documents. By “quietly deleted,” I mean just that: they just removed it from their story without any indication or note to their readers that they’ve done so (though it remains in the print edition and thus requires a retraction). That’s indicative of the standard of “journalism” for the article itself. Multiple other falsehoods, and all sorts of shoddy journalistic practices, remain thus far unchanged.

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

UNITED STATES DISTRICT COURTFOR THE DISTRICT OF COLUMBIA

JASON LEOPOLD,Plaintiff,v.DEPARTMENT OF DEFENSE,Defendant.

Civil Action No. 14-0197

SUPPLEMENTAL DECLARATION OF DAVID G. LEATHERWOOD

I, David G. Leatherwood, do hereby declare under penalty of perjury that the following is trueand correct:

I. I am a career Department of Defense (DoD) civilian intelligence officer and haveserved in various intelligence assignments for over 35 years. I currently serve as the Director ofOperations for the Defense Intelligence Agency (DIA) and as a member of the federalgovernment's Senior Executive Service. DIA is responsible for satisfying the military andmilitary-related requirements of the Secretary of Defense, the Chairman of the Joint Chiefs ofStaff, the combatant commands, other DoD components, and, as appropriate, non-DoD agenciesof the federal government. As the Director for Operations, I am responsible for managing theday-to-day intelligence collection operations of this Agency. I have been delegated authority tofunction as an Original Classification Authority (OCA) pursuant to Executive Order 13526.

2. I previously provided a declaration to support the classification status of otherinformation at issue in this civil action. I am providing this supplemental declaration to supportthe classification status of a supplemental release package that was released to the plaintiff in thislitigation on May 15, 2015. The supplemental release package consists of thirty-eight pages ofrecords, seven of which contain no classified information following a declassification review. Ihave determined that the remaining thirty-one pages contain certain sections that remaincurrently and properly classified pursuant to Executive Order 13526. These classified sectionsare therefore exempt from disclosure pursuant to Exemption 1 of the Freedom of InformationAct (FOIA). I will also address two additional issues connected to the classification of recordsthat are at issue in this case. This declaration accompanies the supplemental declaration ofAlesia Y. Williams, the head of this Agency's FOIA operations. Ms. Williams' declaration willaddress other aspects of the handling of this FOIA request, while my declaration will generallyaddress national security classification matters only.

3. I have personally reviewed the documents contained within the supplementalresponse package. The thirty-eight pages of responsive records that were located during thesupplemental search originated with the DIA Office of Corporate Communications and arefocused on the work of the Interagency Review Task Force assigned to assess the damage causedby the activities of former National Security Agency contractor, Edward Snowden. Theseparticular records reflect the communications between DIA and Congressional leadersconcerning the Snowden disclosures. All of these documents were produced for or by, andremain under the control of, the United States Government.

Basis for Classification

4. The current basis for classification of national security information is found inExecutive Order 13526. Section 1.1 of the Order authorizes an OCA to classify informationowned, produced, or controlled by the United States government if it falls within one of thefollowing eight classification categories specified in Section 1.4. The classification categoriesthat are asserted to classify this particular material include:

5. Section 1.2 of Executive Order 13526 provides that information covered by oneor more ofthese classification categories may be classified at one of three classification levels -Top Secret (TS), Secret (S) or Confidential (C) - depending on the degree of harm that wouldresult from the unauthorized disclosure of such information. Information is classified at theConfidential level when its release could reasonably be expected to cause damage to nationalsecurity. Information is classified at the Secret level when its release could reasonably beexpected to cause serious damage to the national security. Classification at the Top Secret levelis maintained if its release could reasonably be expectrd to cause exceptionally grave damage tonational security.

6. Exercising the classification authority delegated to me pursuant to ExecutiveOrder 13526, I have determined that certain information within these reviewed documents wasproperly classified by an Original Classification Authority under the Order and that it remainscurrently and properly classified at the Secret and Top Secret levels. Other information hasbeen declassified because it no longer satisfies the standards set out for national securityclassification. The remaining classified information must therefore be withheld from disclosurepursuant to Exemption 1 of the FOIA in order to protect national security.

Section 1.4(a) - Military Plans, Weapons Systems, and Operations

7. Certain information contained within the supplemental release package isproperly classified under Section 1.4(a) of Executive Order 13526. Section 1.4(a) of the Orderprotects information pertaining to military plans, weapons systems or operations. This includesinformation such as the strength and deployment of forces, troop movements, ship sailings, thelocation and timing of planned attacks, tactics and strategy, operation of weapons systems, andsupply logistics. Protecting such information is critical to maintaining national security.

8. In one paragraph contained within page three of the release package, DIAdescribes the classified discussions concerning the impact of the Snowden disclosures onmilitary plans and military operations. The paragraph refers to the assessment of the scope ofthat impact, and thus warrants classification. I have determined that the disclosure of thisinformation would degrade the military capabilities of the United States and, therefore, causeserious damage to national security. The information is therefore currently and properlyclassified at the Secret level pursuant to Section 1.4(a) of Executive Order 13526.

Section I.4(c) -- Intelligence Sources and Methods

9. DIA withheld certain information from the supplemental release package becauseit relates to intelligence sources and methods, and its disclosure could reasonably be expected tocause either serious or exceptionally grave damage to national security. I have determined that itis thus properly classified as Secret or Top Secret under Section 1.4(c) of Executive Order13526. Section 1.4(c) recognizes that the disclosure of intelligence sources can cause damage tonational security. Intelligence sources can include individuals, foreign or American, foreignentities, and the intelligence and security services of foreign governments. Intelligence sourcescan only be expected to furnish information only when confident that they are protected fromretribution by the absolute secrecy surrounding their relationship to the United Statesgovernment. Sources that are compromised become extremely vulnerable to retaliation from avariety of entities including their own governments or others having a stake in the confidentialityof the information provided by the source.

10. Section 1.4(c) of Executive Order 13526 also recognizes that the release ofintelligence methods can cause damage to national security. Intelligence methods are the meansby which (or the manner in which) an intelligence agency collects information to supportmilitary operations, assist in national policymaking, assess military threats, or otherwiseaccomplish its mission. Detailed knowledge of the methods and practices of an intelligenceagency must be protected from disclosure because such knowledge would be of materialassistance to those who would seek to penetrate, detect, prevent, avoid, or damage theintelligence operations of the United States.

11. I have determined that portions of twenty-eight pages and all of two additionalpages must remain classified pursuant to Section 1.4(c) because this information remains relatesto intelligence sources or methods. I have determined that the disclosure of this informationcould reasonably be expected to enable persons and groups hostile to the United States toidentify U.S. intelligence activities, methods or sources, and to design countermeasures to defeatthem. The withheld information captures discussions about the extent to which these intelligencesources and methods were affected by the Snowden disclosures. Protecting information aboutour vulnerabilities in this area is absolutely critical. Disclosure could be expected to causeserious damage to national security with respect to some of the withheld information andexceptionally grave damage to national security with respect to other withheld information.Therefore, this information remains currently and properly classified at the Secret and Top Secretlevels.

12. DIA also withheld certain information because it relates to scientific andtechnological matters related to national security, and its disclosure could reasonably be expectedto cause serious damage to national security with respect to some of the withheld informationand exceptionally grave damage to national security with respect to other withheld information.I have determined that this information is thus properly classified under Section 1.4(e) ofExecutive Order 13526. Within portions of two pages of the supplemental release package, DIAhas classified information that discusses scientific or technological capabilities that may havebeen affected by the Snowden disclosures. Release of this information would indicate to ouradversaries the extent to which the United States is affected. This information is currently andproperly classified at the Secret and Top Secret level pursuant to Section l.4(e) of ExecutiveOrder 13526. This information is therefore exempt pursuant to Exemption 1 of the FOIA.

Section 1.4(f) - United States GovernmentPrograms for Safeguarding Nuclear Materials or Facilities

13. Section 1.4(f) of Executive Order 13526 protects sensitive information about thesafeguarding of United States Government nuclear materials or facilities. In one paragraph onpage twelve of the supplemental release package, I have determined that there exists onereference to such a nuclear program or facility that must remain classified at the Top Secret levelto prevent exceptionally grave damage to national security. This information is therefore exemptpursuant to Exemption 1 of the FOIA.

14. DIA also withheld portions of one paragraph of information because it relates tovulnerabilities or capabilities of systems, installations, infrastructure, projects, plans or protectiveservices related to national security, its disclosure could reasonably be expected to causeexceptionally grave damage to national security, and it is thus properly classified under Section1.4(g) of Executive Order 13,526. Upon review, I have determined that this small amount ofinformation remains currently and properly classified at the Secret level with respect to some ofthe withheld information and at the Top Secret level with respect to other withheld information.This information is therefore exempt pursuant to Exemption I of the FOIA.

Segregability Review

15. My determination as the OCA is that the withheld classified portions of theinformation contained within the thirty-eight page supplemental release package remainscurrently and properly classified pursuant to Executive Order 13526. Its public disclosure couldreasonably be expected to cause serious or exceptionally grave damage to the national security ofthe United States. As the OCA responsible for determining the appropriate classification statusof the responsive information pursuant to Executive Order 13526, I understand that I am alsoresponsible for advising whether any unclassified portions of these documents could besegregated for release to the requester. A release is required anytime the agency findsunclassified information within a document containing currently and properly classifiedinformation, if withholding of the unclassified information is not appropriate pursuant to theprovisions of another FOIA exemption.

16. I have determined that certain portions of the classified paragraphs and sectionscan be declassified for release to the plaintiff because these portions do not contain classifiedinformation. When it was unnecessary to assert any other exemption to protect this information,Ms. Williams has prepared the document to segregate that non-exempt information. I havedetermined that all reasonably segregable information has been provided to the requester.

Other Issues Raised in Plaintiffs Cross-Motion

17. I will also respond to the plaintiff's apparent misunderstanding or misconstructionof a portion of my first declaration in this case. As I explained in paragraph 23 of thatdeclaration:

DIA asserted Exemption I to protect unclassified references to newspaper articlesin the public domain that have been confirmed to contain unlawfully disclosedclassified information. Confirmation that these specific newspaper articlescontain classified information through the release of these references under theFOIA would cause harm to national security by offering validation that the stoleninformation is classified.

Mr. Leopold suggests this is not a logical or plausible explanation of foreseeable harm tonational security because the newspaper articles have already "been confirmed to containunlawfully disclosed classified information." To be clear, it has not been publicly confirmed bythe United States Government that the unlawfully disclosed, classified information in thesearticles is genuine, accurate, or in fact classified. Rather, the Intelligence Community hasconfirmed that stolen classified information appears in these articles. Releasing references tothose articles in the context of this case would allow sophisticated observers, includingadversaries of the United States, to conclude that the articles do, in fact, contain genuine,accurate, and classified national security information. Even if such adversaries may alreadysuspect the information is genuine, providing further certainty can, in this context, be reasonablyexpected to cause serious or exceptionally grave damage to national security by allowing thoseadversaries to piece together a fully picture of the United States' intelligence and nationaldefense capabilities, and devise countermeasures to defeat our capabilities.

18. Finally, in order to address another issue raised by Mr. Leopold in his cross-motion,I obtained a copy of the transcript of Lieutenant-General Flynn and Director of NationalIntelligence Clapper's open testimony before the House Permanent Select Committee onIntelligence on February 4, 2014. This testimony followed a closed session of the Committee theprior day, in which classified information was discussed. I have examined and considered thestatements made to the Committee by LTC Flynn and DNI Clapper during their open testimony.Neither senior leader divulged information contained within any withheld portions of the recordsprocessed for release to plaintiff as part of his FOJA request. The topics are certainly related, butthe dividing line between classified and unclassified information used by both senior officials indiscussing information in the open testimony matches that of the subject matter experts andclassification officials who reviewed this information for release as part of this case. Put anotherway, the information discussed publicly by LTC Flynn and DNI Clapper is not as specific as oridentical to any information withheld as classified (or otherwise) from Mr. Leopold in responseto his FOIA request that is the subject of this case.

I certify under penalty of perjury that the foregoing is true and correct to the best of myknowledge and belief.

Executed this 21st day of May 2015David O. LeatherwoodDirector for OperationsDefense Intelligence Agency

These Are the Financial Disclosure Forms the NSA Said Would Threaten National SecurityBy Jason LeopoldOctober 10, 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

Former National Security Agency (NSA) Director Keith Alexander has held investments in a corporation that identifies itself as a "world leader in cloud solutions." And in a "data gathering and research" firm. And in a company that develops software that improves the quality of images captured by surveillance cameras. And in a radio frequency business that, among other things, manufactures amplifiers for air traffic control, radar, and surveillance.

The NSA once said that if revealed, this information [pdf below] would threaten national security.

The agency refused VICE News' July request for copies of Alexander's financial disclosure reports, which he is required to fill out annually under a federal law known as the Ethics and Government Act. The law also states that government agencies are required to release the files upon request.

But attorney Shadey Brown, who is the NSA's ethics officer, said in a July 23 letter that the NSA has routinely denied requests for copies of its officials' financial disclosure reports under the National Security Agency Act of 1959. That law authorizes the NSA to withhold virtually everything about the inner workings of the agency, including data about the names, titles, and salaries of people the agency employs.

Moreover, Brown cited a provision in the Ethics and Government Act that suggested President Barack Obama issued Alexander a waiver that authorized the withholding of his financial reports if disclosure would "compromise the national interest of the United States."

In a lawsuit against the NSA, attorney Jeffrey Light argued that the agency had misinterpreted the laws it cited to justify the ongoing secrecy. Earlier this week, before the case hit a courtroom, a government attorney turned over 59 pages of financial disclosure reports Alexander filed between 2009 and 2014. Brown said in a letter dated October 2 that the NSA was releasing the material "in the interest of transparency."

Alexander's interest in spying was not limited to his tenure as NSA director. He also invested in firms that are on the cutting edge of surveillance technology.

In addition, a government attorney said the NSA would no longer deny access to financial disclosure forms from officials who are required to file the reports — the first time the agency has changed its policies regarding the National Security Agency Act. VICE News subsequently requested the financial disclosure forms of new NSA Director Michael Rogers and another official at the agency. Deputy General Counsel Ariane Cerlenko responded via email saying, "Both of these requests will be processed expeditiously and we expect to get back to you shortly."

Although Alexander was head of the NSA from 2005 through March of this year, Brown said the Ethics and Government Act only requires financial disclosure reports to be released for a period of six years before receipt; therefore, he would not provide reports Alexander filled out prior to 2008.

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, said the National Security Agency Act, like the CIA Act, is a "giant black hole for information."

"Withholding under the Act does not need to be justified on specific national security grounds — it is enough that the information pertains to agency organization, salaries, etc.," Aftergood said. "And the withholding is often done on a reflexive basis, without any serious thought process. What's interesting here, and maybe a tad encouraging, is that NSA changed its mind. What's discouraging, though, is that a lawsuit was necessary."

Alexander resigned as NSA director following a tumultuous year that saw former agency contractor Edward Snowden leak highly classified documents about top-secret NSA surveillance. Alexander then launched private consulting firm IronNet Cybersecurity Inc., reportedly offering to help banks and other firms protect their computer networks from hackers for up to $1 million a month (he later reduced that figure to $600,000 a month).

Representative Alan Grayson accused Alexander of profiting off the sale of classified information.

"Disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony," Grayson wrote last June to three banking groups that hired Alexander as a cyber-consultant. "I question how Mr. Alexander can provide any of the services he is offering unless he discloses or misuses classified information, including extremely sensitive sources and methods. Without the classified information that he acquired in his former position, he literally would have nothing to offer to you."

Alexander's private consulting work and allegations made by Grayson are what prompted VICE News to seek Alexander's financial reports to determine whether he had a stake in any firms with whom he entered into consulting arrangements.

The reports show that Alexander's supervisors — Director of National Intelligence James Clapper and Undersecretary of Defense for Intelligence Michael Vickers — signed off on Alexander's financial interests, affirming that his investments were "unrelated to his prospective duties and no conflicts appear to exist."

That said, Alexander's interest in surveillance was not limited to his tenure as NSA director. He also invested in firms that are on the cutting edge of surveillance technology.

For example, Alexander invested as much as $15,000 in: Pericom Semiconductor, a company that has designed technology for the closed-circuit television and video surveillance markets; RF Micro Devices designs, which manufactures high-performance radio frequency technology that is also used for surveillance; and as much as $50,000 in Synchronoss Technologies, a cloud storage firm that provides a cloud platform to mobile phone carriers (the NSA has been accused of hacking into cloud storage providers).

Alexander also held shares in Datascension, Inc., a data gathering and research company. The Securities and Exchange Commission suspended trading in Datascension last August "due to a lack of current and accurate information" about the company. (Datascension was linked to telemarketing calls that apparently prompted one person in a complaint forum to remark the company is "trying to gain personal information.")

An NSA spokeswoman did not respond to requests for comment, and spokespeople for the technology firms did not respond to VICE News' questions about whether Alexander has offered his consulting services or whether they were awarded contracts with the NSA. Many of the firms have been awarded contracts by the Department of Defense and other government agencies.

UPDATE — October 14, 2014: Stacie Hiras, a spokeswoman for Synchronoss, told VICE News via email that the company "has not had a relationship in the past or currently with the NSA or with Keith Alexander."

NSA collecting phone records of millions of Verizon customers dailyExclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama by Glenn Greenwald6 June 2013 Last modified on 4 October 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

Under the terms of the order, the numbers of both parties on a call are handed over, as is location data and the time and duration of all calls. Photograph: Matt Rourke/AP

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.

The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers.

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.

The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself.

The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls".

The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information".

The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.

While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities.

For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted.

Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.

Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." The April order requested by the FBI and NSA does precisely that.

The law on which the order explicitly relies is the so-called "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance.

In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows."

"We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act.

Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.

Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program.

In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter."

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

UNITED STATESFOREIGN INTELLIGENCE SURVEILLANCE COURTWASHINGTON, D.C.

IN RE APPLICATION OF THEFEDERAL BUREAU OF INVESTIGATIONFOR AN ORDER REQUIRING THEPRODUCTION OF TANGIBLE THINGSFROM VERIZON BUSINESS NETWORK SERVICES,INC. ON BEHALF OF MCI COMMUNICATIONSERVICES, INC. D/B/A VERIZONBUSINESS SERVICES.

Docket Number: BR 13-80

SECONDARY ORDER

This Court having found that the Application of the Federal Bureau ofInvestigation (FBI) for an Order requiring the production of tangible things fromVerizon Business Network Services, Inc. on behalf of MCI Communication ServicesInc., d/b/a Verizon Business Services (individually and collectively "Verizon")satisfies the requirements of 50 U.S.C. § 1861,

IT IS HEREBY ORDERED that, the Custodian of Records shall produce to theNational Security Agency (NSA) upon service of this Order, and continue productionon an ongoing daily basis thereafter for the duration of this Order, unless otherwiseordered by the Court, an electronic copy of the following tangible things: all call detailrecords or "telephony metadata" created by Verizon for communications (i) betweenthe United States and abroad; or (ii) wholly within the United States, including localtelephone calls. This Order does not require Verizon to produce telephony metadatafor communications wholly originating and terminating in foreign countries.Telephony metadata includes comprehensive communications routing information,.including but not limited to session identifying information (e.g., originating andterminating telephone number, International Mobile Subscriber Identity (IMSI) number,International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier,telephone calling card numbers, and time and duration of call. Telephony metadatadoes not include the substantive content of any communication, as defined by 18 U.S.C.§ 2510(8), or the name, address, or financial information of a subscriber or customer.

IT IS FURTHER ORDERED that no person shall disclose to any other person thatthe FBI or NSA has sought or obtained tangible things under this Order, other than to:(a) those persons to whom disclosure is necessary to comply with such Order; (b) anattorney to obtain legal advice or assistance with respect to the production of things inresponse to the Order; or (c) other persons as permitted by the Director of the FBI or theDirector's designee. A person to whom disclosure is made pursuant to (a), (b), or (c)shall be subject to the nondisclosure requirements applicable to a person to whom anOrder is directed in the same manner as such person. Anyone who discloses to aperson described in (a), (b), or (c) that the FBI or NSA has sought or obtained tangiblethings pursuant to this Order shall notify such person of the nondisclosurerequirements of this Order. At the request of the Director of the FBI or the designee ofthe Director, any person making or intending to make a disclosure under (a) or (c)above shall identify to the Director or such designee the person to whom suchdisclosure will be made or to whom such disclosure was made prior to the request.

IT IS FURTHER ORDERED that service of this Order shall be by a methodagreed upon by the Custodian of Records of Verizon and the FBI, and if no agreement isreached, service shall be personal.

This authorization requiring the production of certain call detail records or"telephony metadata" created by Verizon expires on the 19th day of July, 2013, at5:00 p.m., Eastern Time.

Anger swells after NSA phone records court order revelationsSenior politicians reveal that US counter-terrorism efforts have swept up personal data from American citizens for years by Dan Roberts and Spencer Ackerman Washington 6 June 2013 Last modified 4 October 2014

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

A White House spokesman said that laws governing such orders 'are something that have been in place for a number of years now'. Photograph: Rex Features

The scale of America's surveillance state was laid bare on Thursday as senior politicians revealed that the US counter-terrorism effort had swept up swaths of personal data from the phone calls of millions of citizens for years.

After the revelation by the Guardian of a sweeping secret court order that authorised the FBI to seize all call records from a subsidiary of Verizon, the Obama administration sought to defuse mounting anger over what critics described as the broadest surveillance ruling ever issued.

A White House spokesman said that laws governing such orders "are something that have been in place for a number of years now" and were vital for protecting national security. Dianne Feinstein, the Democratic chairwoman of the Senate intelligence committee, said the Verizon court order had been in place for seven years. "People want the homeland kept safe," Feinstein said.

But as the implications of the blanket approval for obtaining phone data reverberated around Washington and beyond, anger grew among other politicians.

Intelligence committee member Mark Udall, who has previously warned in broad terms about the scale of government snooping, said: "This sort of widescale surveillance should concern all of us and is the kind of government overreach I've said Americans would find shocking." Former vice-president Al Gore described the "secret blanket surveillance" as "obscenely outrageous".

The Verizon order was made under the provisions of the Foreign Intelligence Surveillance Act (Fisa) as amended by the Patriot Act of 2001, passed in the wake of the 9/11 attacks. But one of the authors of the Patriot Act, Republican congressman Jim Sensenbrenner, said he was troubled by the Guardian revelations. He said that he had written to the attorney general, Eric Holder, questioning whether "US constitutional rights were secure".

He said: "I do not believe the broadly drafted Fisa order is consistent with the requirements of the Patriot Act. Seizing phone records of millions of innocent people is excessive and un-American."

The White House sought to defend what it called "a critical tool in protecting the nation from terrorist threats". White House spokesman Josh Earnest said Fisa orders were used to "support important and highly sensitive intelligence collection operations" on which members of Congress were fully briefed.

"The intelligence community is conducting court-authorized intelligence activities pursuant to a public statute with the knowledge and oversight of Congress and the intelligence community in both houses of Congress," Earnest said.

He pointed out that the order only relates to the so-called metadata surrounding phone calls rather than the content of the calls themselves. "The order reprinted overnight does not allow the government to listen in on anyone's telephone calls," Earnest said.

"The information acquired does not include the content of any communications or the name of any subscriber. It relates exclusively to call details, such as a telephone number or the length of a telephone call."

But such metadata can provide authorities with vast knowledge about a caller's identity. Particularly when cross-checked against other public records, the metadata can reveal someone's name, address, driver's licence, credit history, social security number and more. Government analysts would be able to work out whether the relationship between two people was ongoing, occasional or a one-off.

The disclosure has reignited longstanding debates in the US over the proper extent of the government's domestic spying powers.

Ron Wyden of Oregon, a member of the Senate intelligence committee who, along with Udell, has expressed concern about the extent of US government surveillance, warned of "sweeping, dragnet surveillance". He said: "I am barred by Senate rules from commenting on some of the details at this time, However, I believe that when law-abiding Americans call their friends, who they call, when they call, and where they call from is private information.

"Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans' privacy."

'Beyond Orwellian'

Jameel Jaffer, deputy legal director at the American Civil Liberties Union, said: "From a civil liberties perspective, the program could hardly be any more alarming. It's a program in which some untold number of innocent people have been put under the constant surveillance of government agents.

"It is beyond Orwellian, and it provides further evidence of the extent to which basic democratic rights are being surrendered in secret to the demands of unaccountable intelligence agencies."

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice under President Obama.

The order names Verizon Business Services, a division of Verizon Communications. In its first-quarter earnings report, published in April, Verizon Communications listed about 10 million commercial lines out of a total of 121 million customers. The court order, which lasts for three months from 25 April, does not specify what type of lines are being tracked. It is not clear whether any additional orders exist to cover Verizon's wireless and residential customers, or those of other phone carriers.

Fisa court orders typically direct the production of records pertaining to a specific, named target suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets. The unlimited nature of the records being handed over to the NSA is extremely unusual.

Feinstein said she believed the order had been in place for some time. She said: "As far as I know this is the exact three-month renewal of what has been the case for the past seven years. This renewal is carried out by the [foreign intelligence surveillance] court under the business records section of the Patriot Act. Therefore it is lawful. It has been briefed to Congress."

The Center for Constitutional Rights said in a statement that the secret court order was unprecedented. "As far as we know this order from the Fisa court is the broadest surveillance order to ever have been issued: it requires no level of suspicion and applies to all Verizon [business services] subscribers anywhere in the US.

"The Patriot Act's incredibly broad surveillance provision purportedly authorizes an order of this sort, though its constitutionality is in question and several senators have complained about it."

Russell Tice, a retired National Security Agency intelligence analyst and whistleblower, said: "What is going on is much larger and more systemic than anything anyone has ever suspected or imagined."

Although an anonymous senior Obama administration official said that "on its face" the court order revealed by the Guardian did not authorise the government to listen in on people's phone calls, Tice now believes the NSA has constructed such a capability.

"I figured it would probably be about 2015" before the NSA had "the computer capacity … to collect all digital communications word for word," Tice said. "But I think I'm wrong. I think they have it right now."

NSA Prism program taps in to user data of Apple, Google and othersby Glenn Greenwald and Ewen MacAskillJune 7, 2013

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

• Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook • Companies deny any knowledge of program in operation since 2007 • Obama orders US to draw up overseas target list for cyber-attacks

A slide depicting the top-secret PRISM program. Guardian

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government 'back door' into our systems, but Google does not have a back door for the government to access private user data."

Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. "If they are doing this, they are doing it without our knowledge," one said.

An Apple spokesman said it had "never heard" of Prism.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Companies are legally obliged to comply with requests for users' communications under US law, but the Prism program allows the intelligence services direct access to the companies' servers. The NSA document notes the operations have "assistance of communications providers in the US".

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

Guardian

The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.

The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage" due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints restricted our home-field advantage" because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

"Fisa was broken because it provided privacy protections to people who were not entitled to them," the presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all."

The new measures introduced in the FAA redefines "electronic surveillance" to exclude anyone "reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating surveillance.

The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities' requests.

In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.

The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100% dependent on ISP provisioning".

In the document, the NSA hails the Prism program as "one of the most valuable, unique and productive accesses for NSA".

It boasts of what it calls "strong growth" in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype". There was also a 131% increase in requests for Facebook data, and 63% for Google.

The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to "expand collection services from existing providers".

The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.

Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.

"The problem is: we here in the Senate and the citizens we represent don't know how well any of these safeguards actually work," he said.

"The law doesn't forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and average Americans can't know."

Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.

When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA's inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies' servers.

When the NSA reviews a communication it believes merits further investigation, it issues what it calls a "report". According to the NSA, "over 2,000 Prism-based reports" are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.

In total, more than 77,000 intelligence reports have cited the PRISM program.

Jameel Jaffer, director of the ACLU's Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.

"It's shocking enough just that the NSA is asking companies to do this," he said. "The NSA is part of the military. The military has been granted unprecedented access to civilian communications.

"This is unprecedented militarisation of domestic communications infrastructure. That's profoundly troubling to anyone who is concerned about that separation."

A senior administration official said in a statement: "The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.

"The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.

"This program was recently reauthorized by Congress after extensive hearings and debate.

"Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.

"The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target."

Obama orders US to draw up overseas target list for cyber-attacksExclusive: Top-secret directive steps up offensive cyber capabilities to 'advance US objectives around the world' by Glenn Greenwald and Ewen MacAskillJune 7, 2013

NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

• Read the secret presidential directive here

Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".

The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.

The aim of the document was "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.

The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America's offensive capability and the drawing up of a target list.

Obama's move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.

The directive's publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.

Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have "mountains of data" on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US.

Presidential Policy Directive 20 defines OCEO as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks."

Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: "Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces."

The official added: "As a citizen, you expect your government to plan for scenarios. We're very interested in having a discussion with our international partners about what the appropriate boundaries are."

The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations "reasonably likely to result in significant consequences require specific presidential approval".

The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behaviour.

Among the possible "significant consequences" are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts.

The US is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.

In the presidential directive, the criteria for offensive cyber operations in the directive is not limited to retaliatory action but vaguely framed as advancing "US national objectives around the world".

The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.

Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: "When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force."

An intelligence source with extensive knowledge of the National Security Agency's systems told the Guardian the US complaints again China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.

Provided anonymity to speak critically about classified practices, the source said: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world."

The US likes to haul China before the international court of public opinion for "doing what we do every day", the source added.

One of the unclassified points released by the administration in January stated: "It is our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as preferred courses of action."

The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.

Under the heading "Policy Reviews and Preparation", a section marked "TS/NF" - top secret/no foreign - states: "The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…" The deadline for the plan is six months after the approval of the directive.

The directive provides that any cyber-operations "intended or likely to produce cyber effects within the United States" require the approval of the president, except in the case of an "emergency cyber action". When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.

Obama further authorized the use of offensive cyber attacks in foreign nations without their government's consent whenever "US national interests and equities" require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls "anticipatory action taken against imminent threats".

The directive makes multiple references to the use of offensive cyber attacks by the US military. It states several times that cyber operations are to be used only in conjunction with other national tools and within the confines of law.

When the directive was first reported, lawyers with the Electronic Privacy Information Center filed a Freedom of Information Act request for it to be made public. The NSA, in a statement, refused to disclose the directive on the ground that it was classified.

In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.

Earlier this year, the Pentagon publicly accused China for the first time of being behind attacks on the US. The Washington Post reported last month that Chinese hackers had gained access to the Pentagon's most advanced military programs.

The director of national intelligence, James Clapper, identified cyber threats in general as the top national security threat.

Obama officials have repeatedly cited the threat of cyber-attacks to advocate new legislation that would vest the US government with greater powers to monitor and control the internet as a means of guarding against such threats.

One such bill currently pending in Congress, the Cyber Intelligence Sharing and Protection Act (Cispa), has prompted serious concerns from privacy groups, who say that it would further erode online privacy while doing little to enhance cyber security.

In a statement, Caitlin Hayden, national security council spokeswoman, said: "We have not seen the document the Guardian has obtained, as they did not share it with us. However, as we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004. This step is part of the administration's focus on cybersecurity as a top priority. The cyber threat has evolved, and we have new experiences to take into account.

"This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

"This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the US Constitution, including the president's role as commander in chief, and other applicable law and policies."

YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.

PRESIDENTIAL POLICY DIRECTIVE/PPD-20

MEMORANDUM FOR THE VICE PRESIDENTTHE SECRETARY OF STATETHE SECRETARY OF THE TREASURYTHE SECRETARY OF DEFENSETHE ATTORNEY GENERALTHE SECRETARY OF COMMERCETHE SECRETARY OF ENERGYTHE SECRETARY OF HOMELAND SECURITYASSISTANT TO THE PRESIDENT AND CHIEF OF STAFFDIRECTOR OF THE OFFICE OF MANAGEMENT AND BUDGETASSISTANT TO THE PRESIDENT FOR NATIONAL SECURITY AFFAIRSDIRECTOR OF NATIONAL INTELLIGENCEASSISTANT TO THE PRESIDENT FOR HOMELAND SECURITY AND COUNTERTERRORISMDIRECTOR OF THE OFFICE OF SCIENCE AND TECHNOLOGY POLICYDIRECTOR OF THE FEDERAL BUREAU OF INVESTIGATIONDIRECTOR OF THE CENTRAL INTELLIGENCE AGENCYCHAIRMAN OF THE JOINT CHIEFS OF STAFFDIRECTOR OF THE NATIONAL SECURITY AGENCY

SUBJECT: U.S. Cyber Operations Policy (U)

This Presidential Policy Directive (PPD) supersedes NationalSecurity Presidential Directive of July 7, 2004. Thisdirective complements, but does not affect, NSPD-54/HomelandSecurity Presidential Directive on "CybersecurityPolicy" of January 8, 2008; National Security Directive on "National Policy for the Security of National SecurityTelecommunications and Information Systems" of July 5, 1990; andPPD-8 on "National Preparedness" of March 30, 2011.

I. Definitions (U)

The following terms are defined for the purposes of thisdirective and should be used when possible in interagencydocuments and communications on this topic to ensure commonunderstanding. (U)

Network Defense: Programs, activities, and the use of toolsnecessary to facilitate them (including those governed byand conducted on a computer, network,or information or communications system by the owner or withthe consent of the owner and, as appropriate, the users forthe primary purpose of protecting (1) that computer, network,or system; (2) data stored on, processed on, or transitingthat computer, network, or system; or (3) physical and virtualinfrastructure controlled by that computer, network, orsystem. Network defense does not involve or require accessingor conducting activities on computers, networks, orinformation or communications systems without authorizationfrom the owners or exceeding access authorized by the owners.(U)

Malicious Cyber Activity: Activities, other than thoseauthorized by or in accordance with U.S. law, that seek tocompromise or impair the confidentiality, integrity, oravailability of computers, information or communicationssystems, networks, physical or virtual infrastructurecontrolled by computers or information systems, or informationresident thereon. (U)

Cyber Collection:Operations and related programs oractivities conducted by or on behalf of the United StatesGovernment, in or through cyberspace, for the primary purposeof collecting intelligence -- including information that can beused for future operations -- from computers, information orcommunications systems, or networks with the intent to remainundetected. Cyber collection entails accessing a computer,information system, or network without authorization from theowner or operator of that computer, information system, ornetwork or from a party to a communication or by exceedingauthorized access. Cyber collection includes those activitiesessential and inherent to enabling cyber collection, such asinhibiting detection or attribution, even if they create cybereffects.

Defensive Cyber Effects Operations (DCEO): Operations andrelated programs or activities other than network defense orcyber collection - conducted by or on behalf of theUnited States Government, in or through cyberspace, that areintended to enable or produce cyber effects outsideUnited States Government networks for the purpose of defendingor protecting against imminent threats or ongoing attacks ormalicious cyber activity against U.S. national interests frominside or outside cyberspace.

Nonintrusive Defensive Countermeasures (NDCM): The subset ofDCEO that does not require accessing computers, information orcommunications systems, or networks without authorization fromthe owners or operators of the targeted computers, informationor communications systems, or networks or exceeding authorizedaccess and only creates the minimum cyber effects needed tomitigate the threat activity.

Offensive Cyber Effects Operations (OCEO): Operations andrelated programs or activities other than network defense,cyber collection, or DCEO -- conducted by or on behalf of theUnited States Government, in or through cyberspace, that areintended to enable or produce cyber effects outsideUnited States Government networks.

Significant Consequences: Loss of life, significantresponsive actions against the United States, significantdamage to property, serious adverse U.S. foreign policyconsequences, or serious economic impact on the United States.(U)

U.S. National Interests: Matters of vital interest to theUnited States to include national security, public safety,national economic security, the safe and reliable functioningof "critical infrastructure," and the availability of "keyresources."1 (U)

Emergency Cyber Action: A cyber operation undertaken at thedirection of the head of a department or agency withappropriate authorities who has determined that such action isnecessary, pursuant to the requirements of this directive, tomitigate an imminent threat or ongoing attack against U.S.national interests from inside or outside cyberspace and undercircumstances that at the time do not permit obtaining priorPresidential approval to the extent that such approval wouldotherwise be required.

II. Purpose and Scope (U)

The United States has an abiding interest in developing andmaintaining use of cyberspace as an integral part of U.S.national capabilities to collect intelligence and to deter,deny, or defeat any adversary that seeks to harm U.S. nationalinterests in peace, crisis, or war. Given the evolution in U.S.experience, policy, capabilities, and understanding of the cyberthreat, and in information and communications technology, thisdirective establishes updated principles and processes as partof an overarching national cyber policy framework. (C/NF)

The United States Government shall conduct all cyberoperations consistent with the U.S. Constitution and otherapplicable laws and policies of the United States, includingPresidential orders and directives. (C/NF)

The United States Government shall conduct DCEO and OCEO underthis directive consistent with its obligations underinternational law, including with regard to matters ofsovereignty and neutrality, and, as applicable, the law ofarmed conflict. (C/NF)

This directive pertains to cyber operations, including thosethat support or enable kinetic, information, or other types ofoperations. Most of this directive is directed exclusively toDCEO and OCEO. (S/NF)

The United States Government has mature capabilities andeffective processes for cyber collection. (S/NF)

Therefore, this directive affirms and does not intend to alterexisting procedures, guidelines, or authorities for cybercollection. (S/NF)

This directive provides a procedure for cyber collectionoperations that are reasonably likely to result in"significant consequences." [2] (S/NF)

The principles and requirements in this directive apply exceptas otherwise lawfully directed by the President. With theexception of the grant of authority to the Secretary of Defenseto conduct Emergency Cyber Actions as provided below, nothing inthis directive is intended to alter the existing authorities of,or grant new authorities to, any United States Governmentdepartment or agency (including authorities to carry outoperational activities), or supersede any existing coordinationand approval processes, other than those of Nothing inthis directive is intended to limit or impair militarycommanders from using DCEO or OCEO specified in a militaryaction approved by the President and previously coordinated anddeconflicted as required by existing processes and thisdirective. (S/NF)

In addition, this directive does not pertain to or alterexisting authorities related to the following categories ofactivities by or on behalf of the United States Government,regardless of whether they produce cyber effects:

Activities conducted under section 503 of the NationalSecurity Act of 1947 (as amended);

Activities conducted pursuant to the Foreign IntelligenceSurveillance Act, the approval authority delegated to theAttorney General (AG) by section 2;5 of Executive Order 12333(as amended), or law enforcement authorities; however, cyberoperations reasonably likely to result in significantconsequences still require Presidential approval, andoperations that reasonably can be expected to adversely affectother United States Government operations still requirecoordination under established processes;

Activities conducted by the United States Secret Service forthe purpose of protecting the President, the Vice President,and others as defined in 18 U.S.C. 3056; however, cyberoperations reasonably likely to result in significantconsequences still require Presidential approval, andoperations that reasonably can be expected to adversely affectother United States Government operations still requirecoordination under established processes;

The use of online personas and other virtual operations [3] --undertaken exclusively for counterintelligence, intelligencecollection, or law enforcement purposes that do not involvethe use of DCEO or OCEO;

Activities conducted in cyberspace pursuant tocounterintelligence authorities for the purpose of protectingspecific intelligence sources, methods, and activities;Signals intelligence collection other than cyber collection asdefined in this directive;

Open-source intelligence collection;

Network defense;

Traditional electronic warfare [4] activities;

The development of content to support influence campaigns,military deception, or military information supportoperations; or

Simple transit of data or commands through networks that donot create cyber effects on those networks. (S/NF)

III. Guiding Principles for DCEO and OCEO (U)

DCEO and OCEO may raise unique national security and foreignpolicy concerns that require additional coordination and policyconsiderations because cyberspace is globally connected. DCEOand OCEO, even for subtle or clandestine operations, maygenerate cyber effects in locations other than the intendedtarget, with potential unintended or collateral consequencesthat may affect U.S. national interests in many locations. (S/NF)

The United States Government shall conduct DCEO and OCEO in amanner consistent with applicable values, principles, and normsfor state behavior that the United States Government promotesdomestically and internationally as described in the2011 "International Strategy for Cyberspace." (C/NF)

National-level strategic objectives and operationalnecessities shall dictate what the United States Governmentseeks to accomplish with DCEO and OCEO. (C/NF)

The United States Government shall reserve the right to act inaccordance with the United States' inherent right of selfdefense as recognized in international law, including throughthe conduct of DCEO. (C/NF)

The United States Government shall conduct neither DCEO norOCEO that are intended or likely to produce cyber effectswithin the United States unless approved by the President. Adepartment or agency, however, with appropriate authority mayconduct a particular case of DCEO that is intended or likelyto produce cyber effects within the United States if itqualifies as an Emergency Cyber Action as set forth in thisdirective and otherwise complies with applicable laws andpolicies, including Presidential orders and directives. (C/NF)

The United States Government shall obtain consent from countriesin which cyber effects are expected to occur or those countrieshosting U.S. computers and systems used to conduct DCEO or OCEOunless:

Military actions approved by the President and ordered by theSecretary of Defense authorize nonconsensual DCEO or OCEO,with provisions made for using existing processes to conductappropriate interagency coordination on targets, geographicareas, levels of effect, and degrees of risk for theoperations;

DCEO is undertaken in accordance with the United States'inherent right of self defense as recognized in internationallaw, and the United States Government provides notificationafterwards in a manner consistent with the protection ofU.S. military and intelligence capabilities and foreign policyconsiderations and in accordance with applicable law; or

The President -- on the recommendation of the DeputiesCommittee and, as appropriate, the Principals Committee --determines that an exception to obtaining consent isnecessary, takes into account overall U.S. national interestsand equities, and meets a high threshold of need and effectiveoutcomes relative to the risks created by such an exception. (S/NF)

The information revealed to other countries in the course ofseeking consent shall be consistent with operational securityrequirements and the protection of intelligence sources,methods, and activities. (S/NF)

The United States Government, to ensure appropriate applicationof these principles, shall make all reasonable efforts, undercircumstances prevailing at the time, to identify the adversaryand the ownership and geographic location of the targets andrelated infrastructure where DCEO or OCEO will be conducted orcyber effects are expected to occur, and to identify the peopleand entities, including U.S. persons, that could be affected byproposed DCEO or OCEO. (S/NF)

Additional Considerations for DCEO (U)

The Nation requires flexible and agile capabilities thatleverage the full resources of the United States Government toconduct necessary and proportionate DCEO. These operationsshall conform to the following additional policy principles:

The United States Government shall reserve use of DCEO toprotect U.S. national interests in circumstances when networkdefense or law enforcement measures are insufficient or cannotbe put in place in time to mitigate a threat, and when otherpreviously approved measures would not be more appropriate, orif a Deputies or Principals Committee review determines thatproposed DCEO provides an advantageous degree ofeffectiveness, timeliness, or efficiency compared to othermethods commensurate with the risks;

The United States Government shall conduct DCEO with the leastintrusive methods feasible to mitigate a threat;

The United States Government shall seek partnerships withindustry, other levels of government as appropriate, and othernations and organizations to promote cooperative defensivecapabilities, including, as appropriate, through the use ofDCEO as governed by the provisions in this directive; andPartnerships with industry and other levels of government forthe protection of critical infrastructure shall be coordinatedwith the Department of Homeland Security (DHS), working withrelevant sector-specific agencies and, as appropriate, theDepartment of Commerce (DOC). (S/NF)

The United States Government shall work with private industry-- through DHS, DOC, and relevant sector-specific agencies toprotect critical infrastructure in a manner that minimizes theneed for DCEO against malicious cyber activity; however, theUnited States Government shall retain DCEO, includinganticipatory action taken against imminent threats, asgoverned by the provisions in this directive, as an option toprotect such infrastructure. (S/NF)

The United States Government shall -- in coordination, asappropriate, with DHS, law enforcement, and other relevantdepartments and agencies, to include sector-specific agencies-- obtain the consent of network or computer owners forUnited States Government use of DCEO to protect againstmalicious cyber activity on their behalf, unless the activityimplicates the United States' inherent right of self-defenseas recognized in international law or the policy reviewprocesses established in this directive and appropriate legalreviews determine that such consent is not required. (S/NF)

Offensive Cyber Effects Operations (U)

OCEO can offer unique and unconventional capabilities to advanceU.S. national objectives around the world with little or nowarning to the adversary or target and with potential effectsranging from subtle to severely damaging. The development andsustainment of OCEO capabilities, however, may requireconsiderable time and effort if access and tools for a specifictarget do not already exist. (TS/NF)

The United States Government shall identify potential targetsof national importance where OCEO can offer a favorablebalance of effectiveness and risk as compared with otherinstruments of national power, establish and maintain OCEOcapabilities integrated as appropriate with other U.S.offensive capabilities, and execute those capabilities in amanner consistent with the provisions of this directive.( TS/NF)

IV. Cyber Operations with Significant Consequences (U)

Specific Presidential approval is required for any cyberoperations including cyber collection, DCEO, and OCEO --determined by the head of a department or agency to conduct theoperation to be reasonably likely to result in "significantconsequences" as defined in this directive. This requirementapplies to cyber operations generally, except for those alreadyapproved by the President, even if this directive otherwise doesnot pertain to such operations as provided in the "Purpose andScope" section of this directive. (S/NF)

V. Threat Response Operations (U)

Responses to Persistent Malicious Cyber Activity (U)

Departments and agencies with appropriate authorities consistent with the provisions set forth in this directive andin coordination with the Departments of State, Defense (DOD),Justice (DOJ), and Homeland Security; the Federal Bureau ofInvestigation the Office of the Director of NationalIntelligence the National Security Agency theCentral Intelligence Agency the Departments of theTreasury and Energy and other relevant members of theIntelligence Community (IC) and sector-specific agencies -- shallestablish criteria and procedures to be approved by thePresident for responding to persistent malicious cyber activityagainst U.S. national interests. Such criteria and proceduresshall include the following requirements:

The United States Government shall reserve use of suchresponses to circumstances when network defense or lawenforcement measures are insufficient or cannot be put inplace in time to mitigate the malicious cyber activity; andDepartments and agencies shall conduct these responses in amanner not reasonably likely to result in significantconsequences and use the minimum action required to mitigatethe activity. (S/NF)

Emergency Cyber Actions

The Secretary of Defense is hereby authorized to conduct, or adepartment or agency head with appropriate authorities mayconduct, under procedures approved by the President, EmergencyCyber Actions necessary to mitigate an imminent threat orongoing attack using DCEO if circumstances at the time do notpermit obtaining prior Presidential approval (to the extent thatsuch approval would otherwise be required) and the department oragency head determines that:

An emergency action is necessary in accordance with theUnited States inherent right of self-defense as recognized ininternational law to prevent imminent loss of life orsignificant damage with enduring national impact on thePrimary Mission Essential Functions of the United StatesGovernment,5 U.S. critical infrastructure and key resources,or the mission of U.S. military forces;

Network defense or law enforcement would be insufficient orunavailable in the necessary time-frame, and other previouslyapproved activities would not be more appropriate;

The Emergency Cyber Actions are reasonably likely not toresult in significant consequences;

The Emergency Cyber Actions will be conducted in a mannerintended to be nonlethal in purpose, action, and consequence;

The Emergency Cyber Actions will be limited in magnitude,scope, and duration to that level of activity necessary tomitigate the threat or attack;

The Emergency Cyber Actions, when practicable, have beencoordinated with appropriate departments and agencies,including State, DOD, DES, DOJ, the Office of the DNI, FBI,CIA, NSA, the Treasury, DOE, and other relevant members of theIC and sector-specific agencies; and

The Emergency Cyber Actions are consistent with theU.S. Constitution and other applicable laws and policies ofthe United States, including Presidential orders anddirectives. (S/NF)

In addition, Emergency Cyber Actions that are intended or likelyto produce cyber effects within the United States (or otherwiselikely to adversely affect U.S. network defense activities orU.S. networks) must be conducted:

Under the procedures and, as appropriate, criteria fordomestic operations previously approved by the President; andUnder circumstances that at the time of the Emergency CyberAction preclude the use of network defense, law enforcement,or some form of DOD support to civil authorities that wouldprevent the threatened imminent loss of life or significantdamage. (S/NF)

Department and agency heads shall report Emergency Cyber Actionsto the President through the National Security Advisor as soonas feasible. If the coordination specified above is notpracticable in the available time, then notification shall occurafter the fact as soon as possible to inform subsequent whole-of-government response and recovery activities. (S/NF)

Until such time as any additional criteria for domesticoperations are approved by the President, authorization bydepartment and agency heads for Emergency Cyber Actions that areintended or likely to produce cyber effects within the UnitedStates (or otherwise likely to adversely affect U.S. networkdefense activities or U.S. networks) shall be granted only ifthe President has provided prior approval for such activity, orcircumstances at the time do not permit obtaining prior approvalfrom the President and such actions are conducted within theother constraints defined above. (S/NF)

VI. Process (U)

The National Security Staff (NSS) shall formalize the functionsof the Cyber Operations Policy Working Group (COP-WG) as theprimary United States Government forum below the level of anInteragency Policy Committee (IPC) for integrating DCEO or OCEOpolicy, including consideration of exceptions or refinements tothe principles of this directive. The COP-WG shall work withother elements of the policy community as appropriate to thegeographic or functional context of the DCEO- or OCEO~relatedpolicy discussion at the earliest opportunity. The COP-WG isnot an operational group, but will address policy issues relatedto the conduct of operations raised by departments and agenciesor the NSS. (S/NF)

Departments and agencies shall work through the to raiseunresolved or ambiguous policy questions in an integrated IPCmeeting of all appropriate national and economic securitystakeholders. The NSS shall use existing channels to elevateany unresolved policy conflicts to the Deputies and PrincipalsCommittees, as appropriate. (C/NF)

Departments and agencies shall continue to use existingoperational processes for cyber operations, except as thoseprocesses are modified by or under this directive. Other typesof operations that are supported or enabled by cyber operationsshall use their existing operational processes. This continueduse of existing operational processes applies, for example, tooperations conducted under military orders that authorize DCEOor OCEO, including clandestine preparatory activities. (C/NF)

Departments and agencies, during planning for proposed cyberoperations, shall use established processes [6] to coordinate anddeconflict with other organizations -- including, as appropriate,State, DOD, DOJ, DES, members of the IC, and relevant sector-specific agencies -- and obtain any other approvals requiredunder applicable policies, except as those processes aremodified by or under this directive. Departments and agenciesshall modify or enhance these processes as future circumstancesdictate. (S/NF)

Departments and agencies shall coordinate DCEO and OCEO withState and Chiefs of Station or their designees in countrieswhere DCEO or OCEO are conducted or cyber effects are expectedto occur. (S/NF)

Coordination of DCEO and OCEO with network defense efforts shallbe sufficient to enable a whole-of-government approach to theprotection of U.S. national interests and shall identifypotential implications of proposed DCEO and OCEO for U.S.networks, including potential adversary responses or unintendedconsequences of U.S. operations for which the United StatesGovernment or the private sector would need to prepare. Thiscoordination shall occur in a manner consistent with operationalsecurity requirements and the protection of intelligencesources, methods, and activities.

Toward this end of ensuring a unified whole-of-governmentapproach, departments and agencies shall coordinate anddeconflict DCEO and OCEO with network defense efforts of otherdepartments and agencies as appropriate. (S/NF)

The United States Government shall make all reasonable effortsto identify and notify, as appropriate, private sectorentities that could be affected by DCEO and OCEO. (S/NF)

Policy Criteria (U)

Policy deliberations for DCEO and OCEO shall consider, but notbe limited to, the following criteria:

Impact: The potential threat from adversary actions or thepotential benefits, scope, and recommended prioritization ofproposed U.S. operations as compared with other approaches --including, as appropriate, network defense by theUnited States Government or private sector network operators;

Risks: Assessments of intelligence gain or loss, the risk ofretaliation or other impacts on U.S. networks or interests(including economic), impact on the security and stability ofthe Internet, and political gain or loss to include impact onforeign policies, bilateral and multilateral relationships(including Internet governance), and the establishment ofunwelcome norms of international behavior;

Methods: The intrusiveness, timeliness, efficiency, capacity,and effectiveness of operational methods to be employed;

Geography and Identity: Geographic and identity aspects ofthe proposed activity, including the location of operationsand the resulting effects, the identity of network owners andusers that will be affected, and the identity or type -- whenknown -- of adversaries to be countered or affected by U.S.operations;

Transparency: The need for consent or notification of networkor computer owners or host countries, the potential for impacton U.S. persons and U.S. private sector networks, and the needfor any public or private communications strategies before orafter an operation; and

Authorities and Civil Liberties: The available authoritiesand procedures and the potential for cyber effects inside theUnited States or against U.S. persons. (S/NF)

Policy decisions shall be broad enough and include rationales inorder to provide guidelines and direction for future proposalswith the same operational and risk parameters.

Annex: Implementation (U)

Departments and agencies shall establish necessary Capabilitiesand procedures for appropriate and timely implementation of DCEOand OCEO policies in the national interest.

Policy Process (U)

Departments and agencies shall, as appropriate, conduct DCEOand OCEO in accordance with the principles set forth in thisdirective and shall bring forward to the COP-WG situationsthat require policy discussion, including considerations ofexceptions to those principles, using the policy criteriadescribed in this directive. [Action: All; ongoing] (C/NF)

The National Security Advisor, through the NSS, shallestablish and operate the COP-WG to serve as the entry pointfor interagency deliberations of policy matters related toDCEO and OCEO. [Action: ongoing] (C/NF)

The National Security Advisor, through the NSS, as needed,shall use the existing policy escalation process through anappropriate joint IPC-level group involving all stakeholdersfor a given situation, the Deputies Committee, and thePrincipals Committee. This process shall clarify theapplication of the principles set forth in this directive tospecific operations, including consideration of exceptions orrefinements to those principles. [Action: NSS; ongoing] (C/NF)

The NSS, as needed, shall lead reviews by appropriatedepartments and agencies of legal issues associated with DCEOand OCEO. The NSS shall refer legal questions to the chieflegal officers of the appropriate departments or agencies orto DOJ for resolution of interagency disagreements or asotherwise appropriate. [Action: ongoing] (C/NF)

The DNI shall continue to ensure, through appropriate policiesand procedures, the deconfliction, coordination, andintegration of all IC cyber operations and serve as the ECfocal point for strategic planning and policy coordinationrelated to cyber operations, both within the EC and with otherdepartments and agencies in interagency coordinationprocesses. [Actionz ongoing]

Policy Reviews and Preparation (U)

The Office of the DNI, in coordination with appropriatedepartments and agencies, shall prepare a classification guidefor departments and agencies to use in the implementation ofthe policies in this directive. [Action: Office of the 2 months after directive approval] (U) (C/NF)

The National Security Advisor, through the NSS, shall lead aninteragency review of the United States Government'scommunications strategy: including public affairs guidance,regarding DCEO and OCEO. Pending approval of this strategy bythe Deputies Committee, the United States Government's publicposture on related matters shall be: "All United StatesGovernment activities in cyberspace are consistent with theprinciples stated in the May 2011 International Strategy forCyberspace." [Action: NSS report to Deputies; 1 month afterdirective approval] (C/NF)

The National Security Advisor, through the NSS, shall workwith the Secretaries of Defense, State, and Homeland Security,the AG, the DNI, relevant IC and sector-specific agencies, andother heads of departments and agencies as appropriate todevelop for the conduct of Emergency Cyber Actions, as setforth in this directive -- in addition to the previously citedprocedures and, as appropriate, domestic criteria to beapproved by the President -- detailed concepts of operation,supporting processes, communications capabilities, exercises,and training. In addition, the NSS -- working with these samedepartments and agencies shall, as necessary, develop forPresidential approval procedures and criteria for DCEO to beconducted in response to malicious cyber activity. [Action:NSS update on implementation to Deputies; 3 months afterdirective approval] (TS/NF)

The Secretary of Defense, the DNI, and the Director of the CIAin coordination with the AG, the Secretaries of State andHomeland Security, and relevant IC and sector-specificagencies shall prepare for approval by the President throughthe National Security Advisor a plan that identifies potentialsystems, processes, and infrastructure against which theUnited States should establish and maintain OCEO capabilities;proposes circumstances under which OCEO might be used; andproposes necessary resources and steps that would be neededfor implementation, review, and updates as U.S. nationalsecurity needs change. [Action: DOD, Office of the DNI, andCIA update to Deputies on scope of plans; 6 months afterdirective approval] (TS/NF)

The Secretary of Defense and other department and agency headsas appropriate -- in coordination with the Secretary ofHomeland Security shall develop andmaintain a flexible, agile capability for the purpose of usingDCEO to defend U.S. networks consistent with the provisionsset forth in this directive. [Action: DOD and others;ongoing] (C/NF)

The Secretary of Defense -- in coordination with theSecretaries of Homeland Security, Commerce, and State, the AG,the DNI, and relevant IC and sectorwspecific agencies shalldevelop a multi-phase plan to be approved by the DeputiesCommittee for testing, reviewing, and implementing NDCM. Theplan shall be subjected to legal review and addressauthorities, technical feasibility, operational risks, andcoordination procedures. [Action: DOD present first phase ofplans to Deputies; 2 months after directive approval] (S/NF)

The AG and the DNI -- incollaboration with the Secretaries ofDefense, State, Commerce, and Homeland Security, and relevantIC and sector-specific agencies shall develop a multi-phaseplan to be approved by the Deputies Committee for a test ofthe applicability and efficacy of counterintelligenceauthorities in the conduct of DCEO. The plan shall besubjected to legal review and address technical feasibility,operational risks, and coordination procedures. [Action: D0Jand Office of the DNI present first phase of plans toDeputies; 2 months after directive approval] (S/NF)

The Secretaries of Defense and Homeland Security, the DNI, theAG, and the Director of the CIA in collaboration asappropriate with the Secretaries of State and Commerce and theheads of relevant IC and sector-specific agencies shalldevelop proposals to be approved by the President through theNational Security Advisor to ensure that a necessary frameworkof proposed options, roles, and levels of delegation is inplace for the use of all appropriate United States GovernmentDCEO and OCEO capabilities to advance and defend U.S. nationalinterests, including actions taken in response to indicationsof imminent threat or when the United States or the Internetis subjected to a debilitating attack. This framework shallconsider how cyber operations capabilities will complementother United States Government cyber capabilities, includingnetwork defense and law enforcement. [Action: DOD, DHS, DOJ,Office of the DNI, and CIA update to Deputies; 6 months afterdirective approval] (S/NF)

Department and agency heads conducting DCEO or OCEO coveredunder this directive shall report annually on the use andeffectiveness of operations of the previous year to thePresident through the National Security Advisor. [Action:relevant departments and agencies; ongoing until otherwisedirected] (S/NF)

Foundation Building (U)

The DNI, working with appropriate departments and agencies,shall continue to lead interagency efforts to improveintelligence collection in support of DCEO and OCEO, includingunder conditions when Internet infrastructure is significantlydegraded. These efforts shall include an enhanced process forsharing intelligence-based cyber threat information with theprivate sector and international partners in the interest ofminimizing the need for DCEO. The DNI shall identify neededinvestments -- including in research and development, testing,and evaluation -- to help develop intelligence capabilities insupport of DCEO and OCEO. [Action: Office of the ongoing] (S/NF)

The Secretary of State -- in coordination with the Secretariesof Defense and Homeland Security, the AG, the DNI, and othersas appropriate shall continue to lead efforts to establishan international consensus around norms of behavior incyberspace to reduce the likelihood of and deter actions byother nations that would require the United States Governmentto resort to DCEO. [Action: State; ongoing] (C/NF)

The AG -- through the FBI and in coordination as appropriatewith DHS, appropriate elements of the EC, and otherdepartments and agencies - shall continue to identify,investigate, mitigate, and disrupt malicious cyber activity inthe interest of minimizing the need for DCEO. The AG, throughthe National Cyber Investigative Joint Task Force, shall leadrelated interagency efforts by integrating, sharing,coordinating, and collaborating on counterintelligence,counterterrorism, intelligence, and law enforcementinformation from member organizations concerninginvestigations of malicious cyber activity in order tofacilitate the use of all available authorities to addresssuch threats. These activities shall be coordinated withother entities and the private sector as appropriate.[Action: ongoing] (C/NF)

The Secretaries of State, Defense, Homeland Security, andCommerce -- along with the AG, the DNI, and others asappropriate shall continue to advance interagency effortswith international partners to increase their cyber capacitiesfor self protection and, where appropriate, to facilitatecooperative defense of cyberspace in the interest ofminimizing the need for DCEO. The partnerships shall includeapplication of not only improvements to network defenses, butalso sharing -- as appropriate and consistent with operationalsecurity requirements and the protection of intelligencesources, methods, and activities -- of DCEO-relatedinformation, tools, and methods consistent with the provisionsset forth in this directive, the National Disclosure Policy,and with U.S. national interests. [Action: State, DOD, DHS,DOC, and Office of the ongoing] (C/NF)

The Secretary of Homeland Security in coordination with theSecretaries of Defense and Commerce, the AG, the DNI, and theheads of relevant sector-specific agencies -- shall continue tolead interagency efforts to develop partnerships with otherlevels of government and the private sector to increase thenation's cyber capacities for self protection and, whereappropriate, to facilitate cooperative efforts to securecyberspace in the interest of minimizing the need for DCEO.[Action: ongoing] (C/NF)

_______________

Notes:

1. As these terms are used in on "Critical Infrastructure,Identification, Prioritization, and Protection" from December 17, 2003. (U)

4 As defined by the Joint Dictionary 1-02, "Department of Defense Dictionaryof Military and Associated Terms" (as amended through February 15, 2012):military action involving the use of electromagnetic or directed energy tocontrol the electromagnetic spectrum or to attack the enemy. Electronicwarfare consists of three divisions: electronic attack, electronicprotection, and electronic warfare support. (U)

5 As defined in on "National Continuity Policy" of May 9,2007. (U)

6 Including the May 9, 2007, "Trilateral Memorandum of Agreement (MOA) amongthe Department of Defense and the Department of Justice and the IntelligenceCommunity Regarding Computer Network Attack and Computer Network ExploitationActivities," and other operational Coordination processes that exist betweendepartments and agencies. (S/NF)